Sidekick Os Pro V2.0
v1.0.0AI副业搞钱搭子,根据用户实时情况和市场动态生成个性化副业方案,提供可落地的执行流程和具体动作
⭐ 0· 105·0 current·0 all-time
by@e2e5g
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (副业方案生成与跟踪) match the included scripts: market analysis, proposal generation, and a local execution tracker. There are no unrelated env vars, binaries, or cloud credentials requested.
Instruction Scope
SKILL.md asks for user profile info (skills, time, budget, goals) which is appropriate for generating plans. Instructions do not ask the agent to read system files, secrets, or external endpoints beyond performing market analysis and generating plans.
Install Mechanism
No install spec (instruction-only) which is low risk. However, the skill bundles runnable Python scripts (no external downloads). There are no network download URLs or package installs in the bundle.
Credentials
The skill requests no environment variables or credentials. It does, however, collect and process user-provided personal information (profile, goals) and stores tracking data to local JSON files—this is proportional to its purpose but has privacy implications.
Persistence & Privilege
always:false and no elevated privileges. The tracker creates and writes execution_data_{user_id}.json in the working directory, so the skill persists user data locally; it does not modify other skills or system-wide config.
Assessment
This skill appears to do what it says: analyze market options, produce step-by-step side‑hustle plans, and locally track progress. Before installing or running it: 1) Review the three Python scripts yourself (they are included) to confirm behavior. 2) Be aware the tracker writes execution_data_{user_id}.json to the working directory containing user-provided info—avoid supplying sensitive PII. 3) SKILL.md references 'references/*.json' files that are not present in the manifest; running the scripts may rely on defaults or fail if those files are missing—test in a sandbox first. 4) If you will run these scripts on a shared machine, choose a dedicated directory or sandbox to avoid leaking data. 5) If you want networked market data or third‑party integrations, expect those to be added later — re-review any new versions that introduce network calls or credential requests.Like a lobster shell, security has layers — review code before you run it.
latestvk977e4r3ryyyyzyj5qcapvrhgd83awbc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.